nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: nyanloutre:3bba3d3e233332836865d632572441b011275c54
Branches Tags
nyanloutre:master
..
compare: nyanloutre:b1987859d5728e7a05fd8f4f95b7063a4cd18c6b
Branches Tags
nyanloutre:master

No commits in common. "3bba3d3e233332836865d632572441b011275c54" and "b1987859d5728e7a05fd8f4f95b7063a4cd18c6b" have entirely different histories.
3bba3d3e23 ... b1987859d5

3 changed files with 23 additions and 81 deletions
Show Stats Expand all files Collapse all files

41
services/site-max.nix
View File

@ -28,51 +28,14 @@ in
${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; }; ${cfg.domaine} = { ip = "127.0.0.1"; port = cfg.port; auth = false; };
}; };
services.nginx = { services.nginx.virtualHosts = {
virtualHosts = {
"max" = { "max" = {
listen = [ { addr = "127.0.0.1"; port = cfg.port; } ]; listen = [ { addr = "127.0.0.1"; port = cfg.port; } ];
locations."/" = { locations."/" = {
root = "/run/site-max/result"; root = pkgs.site-max;
}; };
}; };
}; };
};
systemd.services.build-site-max = {
description = "Compilation du site de Max Spiegel";
requires = ["network-online.target"];
path = with pkgs;[ git nix ];
environment = { HOME = "/var/lib/site-max"; NIX_PATH = "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"; };
serviceConfig = {
DynamicUser = true;
RuntimeDirectory = "site-max";
RuntimeDirectoryPreserve = "yes";
CacheDirectory = "site-max";
Type = "oneshot";
ExecStart = "${pkgs.writeShellScriptBin "build.sh" ''
set -x
set -e
GIT_CLONE_DIR=/var/cache/site-max
if [ ! -d $GIT_CLONE_DIR/.git ]; then
git clone --depth 1 https://github.com/nyanloutre/site-max.git $GIT_CLONE_DIR
else
git -C $GIT_CLONE_DIR pull
fi
nix-build -o /run/site-max/result $GIT_CLONE_DIR
''}/bin/build.sh";
};
};
systemd.timers.build-site-max = {
description = "Timer de compilation du site de Max";
requires = ["network-online.target"];
wantedBy = ["multi-user.target"];
timerConfig = { OnCalendar = "*:0/5"; Unit = "build-site-max.service"; };
};
}; };
} }

1
systems/LoutreOS/configuration.nix
View File

@ -62,7 +62,6 @@
telnet telnet
tldr tldr
fzf fzf
file
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;

32
systems/LoutreOS/services.nix
View File

@ -42,8 +42,8 @@ in
services = { services = {
"grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; }; "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = true; };
"emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; }; "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
"radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; }; "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API path_beg /api\n"; aclBool = "!AUTH_OK !API"; }; "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
"transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; }; "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
"syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; }; "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
"jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; }; "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
@ -171,7 +171,7 @@ in
nfs.server = { nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/mnt/medias 192.168.0.0/16(ro,no_root_squash) /mnt/medias 192.168.0.0/24(ro,no_root_squash)
/exports/steam 192.168.0.0/24(rw,no_root_squash) /exports/steam 192.168.0.0/24(rw,no_root_squash)
''; '';
statdPort = 4000; statdPort = 4000;
@ -394,39 +394,19 @@ in
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
]; ];
networking = { networking.firewall.allowedTCPPorts = [
wireguard.interfaces = {
wg0 = {
ips = [ "192.168.20.1/24" ];
privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
listenPort = 51820;
allowedIPsAsRoutes = false;
peers = [
{
allowedIPs = [ "0.0.0.0/0" ];
publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
}
];
};
};
firewall.allowedTCPPorts = [
111 2049 4000 4001 4002 # NFS 111 2049 4000 4001 4002 # NFS
3483 9000 9090 # Slimserver 3483 9000 9090 # Slimserver
51413 # Transmission 51413 # Transmission
8448 # Matrix federation 8448 # Matrix federation
20 21 # FTP 20 21 # FTP
]; ];
networking.firewall.allowedTCPPortRanges = [
firewall.allowedTCPPortRanges = [
{ from = 64000; to = 65535; } # FTP { from = 64000; to = 65535; } # FTP
]; ];
networking.firewall.allowedUDPPorts = [
firewall.allowedUDPPorts = [
111 2049 4000 4001 4002 # NFS 111 2049 4000 4001 4002 # NFS
3483 # Slimserver 3483 # Slimserver
51413 # Transmission 51413 # Transmission
51820 # Wireguard
]; ];
};
} }